<!--
  This file is a part of the open-eBackup project.
  This Source Code Form is subject to the terms of the Mozilla Public License, v. 2.0.
  If a copy of the MPL was not distributed with this file, You can obtain one at
  http://mozilla.org/MPL/2.0/.
  
  Copyright (c) [2024] Huawei Technologies Co.,Ltd.
  
  THIS SOFTWARE IS PROVIDED ON AN "AS IS" BASIS, WITHOUT WARRANTIES OF ANY KIND,
  EITHER EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO NON-INFRINGEMENT,
  MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
  -->


<!DOCTYPE html
  PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html lang="en-us" xml:lang="en-us">
<head>
      <meta http-equiv="Content-Type" content="text/html; charset=utf-8">
   
<meta http-equiv="X-UA-Compatible" content="IE=edge">
<meta name="DC.Type" content="topic">
<meta name="DC.Title" content="Replacing the SSL Certificate of ProtectAgent on the Client (Non-Windows OS)">
<meta name="DC.Format" content="XHTML">
<meta name="DC.Identifier" content="EN-US_TOPIC_0000001792367190">
<meta name="DC.Language" content="en-us">
<link rel="stylesheet" type="text/css" href="public_sys-resources/commonltr.css">
<title>Replacing the SSL Certificate of ProtectAgent on the Client (Non-Windows OS)</title>
</head>
<body style="clear:both; padding-left:10px; padding-top:5px; padding-right:5px; padding-bottom:5px"><a name="EN-US_TOPIC_0000001792367190"></a><a name="EN-US_TOPIC_0000001792367190"></a>

<h1 class="topictitle1">Replacing the SSL Certificate of ProtectAgent on the Client (Non-Windows OS)</h1>
<div><div class="p">With ProtectAgent software installed on the agent host, you need to replace the client SSL certificate in the following scenarios:<ul><li>The client certificate is about to expire.</li><li>The client certificate and server certificate are not issued by the same CA certificate.</li></ul>
</div>
<div class="section"><h4 class="sectiontitle">Prerequisites</h4><ul><li>The client certificate and server certificate must be issued by the same CA certificate.</li><li>You have obtained the CA certificate file <strong>ca.crt.pem</strong>, client certificate file <strong>client.crt.pem</strong>, and client private key file <strong>client.pem</strong>.</li></ul>
</div>
<div class="section"><h4 class="sectiontitle">Procedure</h4><ol><li><span>Use PuTTY to log in to the ProtectAgent host as a system administrator.</span></li><li><span>Upload the certificate files to the specified directory. All files are stored in the same folder.</span></li><li><span>Run the following command to switch to the directory of the <span class="filepath"><b>updateCert.sh</b></span> script:</span><p><pre class="screen">cd /opt/DataBackup/ProtectClient</pre>
</p></li><li><span>Run the following command to run the script:</span><p><pre class="screen">sh updateCert.sh</pre>
<p>Enter the path where the certificate file is stored and the password of the private key file as prompted.</p>
</p></li><li><span>After replacing the client certificate, replace the server certificate. The server certificate needs to be replaced in some scenarios.</span><p><div class="note"><img src="public_sys-resources/note_3.0-en-us.png"><span class="notetitle"> </span><div class="notebody"><ul><li>After the client certificate is replaced, you need to replace the server certificate if the client certificate and server certificate are not issued by the same CA certificate. For details, see <a href="en-us_topic_0000001792526934.html">Importing a Certificate</a>.</li><li>If an exception occurs during certificate replacement, the system automatically performs rollback. If the user stops the certificate replacement, rollback must be performed manually. For details, see <a href="#EN-US_TOPIC_0000001792367190__en-us_topic_0000001311093349_section14663181113118">Performing Rollback for a Certificate</a>.</li><li>After replacing the client certificate, you are advised to import the CRL of the <span>OceanProtect</span>. If the certificate of the <span>OceanProtect</span> has been revoked, communication between ProtectAgent and the <span>OceanProtect</span> is interrupted. For details, see <a href="#EN-US_TOPIC_0000001792367190__section1273603214473">Importing a CRL</a>.</li></ul>
</div></div>
</p></li></ol>
</div>
<div class="section" id="EN-US_TOPIC_0000001792367190__en-us_topic_0000001311093349_section14663181113118"><a name="EN-US_TOPIC_0000001792367190__en-us_topic_0000001311093349_section14663181113118"></a><a name="en-us_topic_0000001311093349_section14663181113118"></a><h4 class="sectiontitle">Performing Rollback for a Certificate</h4><ol><li><span>Use PuTTY to log in to the ProtectAgent host as a system administrator.</span></li><li><span>Run the following commands in sequence to copy the original certificate to the ProtectAgent installation directory:</span><p><pre class="screen">cp -f /opt/DataBackup/ProtectClient/tmpPems/ProtectClient-E/bcmagentca.pem /opt/DataBackup/ProtectClient/ProtectClient-E/bin/nginx/conf/bcmagentca.pem</pre>
<pre class="screen">cp -f /opt/DataBackup/ProtectClient/tmpPems/ProtectClient-E/server.pem /opt/DataBackup/ProtectClient/ProtectClient-E/bin/nginx/conf/server.pem</pre>
<pre class="screen">cp -f /opt/DataBackup/ProtectClient/tmpPems/ProtectClient-E/server.key /opt/DataBackup/ProtectClient/ProtectClient-E/bin/nginx/conf/server.key</pre>
<pre class="screen">cp -f /opt/DataBackup/ProtectClient/tmpPems/ProtectClient-E/agent_cfg.xml /opt/DataBackup/ProtectClient/ProtectClient-E/conf/</pre>
</p></li><li><span>Run the following command to go to the directory of the ProtectAgent script:</span><p><pre class="screen">cd /opt/DataBackup/ProtectClient/</pre>
</p></li><li><span>Run the following commands in sequence to restart the ProtectAgent service:</span><p><pre class="screen">sh stop.sh</pre>
<pre class="screen">sh start.sh</pre>
</p></li></ol>
</div>
<div class="section" id="EN-US_TOPIC_0000001792367190__section1273603214473"><a name="EN-US_TOPIC_0000001792367190__section1273603214473"></a><a name="section1273603214473"></a><h4 class="sectiontitle">Importing a CRL</h4><ol><li><span>Use PuTTY to log in to the ProtectAgent host as a system administrator.</span></li><li id="EN-US_TOPIC_0000001792367190__li788487497"><a name="EN-US_TOPIC_0000001792367190__li788487497"></a><a name="li788487497"></a><span>Use WinSCP to copy the CRL to be imported to any directory on the ProtectAgent host.</span></li><li><span>Run the following commands in sequence to import the CRL. The CRL file path is the file path in <a href="#EN-US_TOPIC_0000001792367190__li788487497">2</a>.</span><p><pre class="screen">cd /opt/DataBackup/ProtectClient</pre>
<pre class="screen">sh crl_update.sh -i <em>CRL file path</em></pre>
</p></li><li><span>If the following information is displayed, the CRL is successfully imported.</span><p><pre class="screen">Exec script succeed.</pre>
</p></li></ol>
</div>
</div>

<div class="hrcopyright"><hr size="2"></div><div class="hwcopyright">Copyright &copy; Huawei Technologies Co., Ltd.</div></body>
</html>